func unmarshalError(req *Request) { bodyBytes, err := ioutil.ReadAll(req.HTTPResponse.Body) if err != nil { req.Error = apierr.New("UnmarshaleError", req.HTTPResponse.Status, err) return } if len(bodyBytes) == 0 { req.Error = apierr.NewRequestError( apierr.New("UnmarshaleError", req.HTTPResponse.Status, fmt.Errorf("empty body")), req.HTTPResponse.StatusCode, "", ) return } var jsonErr jsonErrorResponse if err := json.Unmarshal(bodyBytes, &jsonErr); err != nil { req.Error = apierr.New("UnmarshaleError", "JSON unmarshal", err) return } req.Error = apierr.NewRequestError( apierr.New(jsonErr.Code, jsonErr.Message, nil), req.HTTPResponse.StatusCode, "", ) }
func TestAfterRetryRefreshCreds(t *testing.T) { os.Clearenv() credProvider := &mockCredsProvider{} svc := NewService(&Config{Credentials: credentials.NewCredentials(credProvider), MaxRetries: 1}) svc.Handlers.Clear() svc.Handlers.ValidateResponse.PushBack(func(r *Request) { r.Error = apierr.New("UnknownError", "", nil) r.HTTPResponse = &http.Response{StatusCode: 400} }) svc.Handlers.UnmarshalError.PushBack(func(r *Request) { r.Error = apierr.New("ExpiredTokenException", "", nil) }) svc.Handlers.AfterRetry.PushBack(func(r *Request) { AfterRetryHandler(r) }) assert.True(t, svc.Config.Credentials.IsExpired(), "Expect to start out expired") assert.False(t, credProvider.retreiveCalled) req := NewRequest(svc, &Operation{Name: "Operation"}, nil, nil) req.Send() assert.True(t, svc.Config.Credentials.IsExpired()) assert.False(t, credProvider.retreiveCalled) _, err := svc.Config.Credentials.Get() assert.NoError(t, err) assert.True(t, credProvider.retreiveCalled) }
func unmarshalError(r *aws.Request) { defer r.HTTPResponse.Body.Close() if r.HTTPResponse.ContentLength == int64(0) { // No body, use status code to generate an awserr.Error r.Error = apierr.NewRequestError( apierr.New(strings.Replace(r.HTTPResponse.Status, " ", "", -1), r.HTTPResponse.Status, nil), r.HTTPResponse.StatusCode, "", ) return } resp := &xmlErrorResponse{} err := xml.NewDecoder(r.HTTPResponse.Body).Decode(resp) if err != nil && err != io.EOF { r.Error = apierr.New("Unmarshal", "failed to decode S3 XML error response", nil) } else { r.Error = apierr.NewRequestError( apierr.New(resp.Code, resp.Message, nil), r.HTTPResponse.StatusCode, "", ) } }
func TestChainProviderWithNoValidProvider(t *testing.T) { p := &ChainProvider{ Providers: []Provider{ &stubProvider{err: apierr.New("FirstError", "first provider error", nil)}, &stubProvider{err: apierr.New("SecondError", "second provider error", nil)}, }, } assert.True(t, p.IsExpired(), "Expect expired with no providers") _, err := p.Retrieve() assert.Equal(t, ErrNoValidProvidersFoundInChain, err, "Expect no providers error returned") }
// UnmarshalError unmarshals an error response for an AWS Query service. func UnmarshalError(r *aws.Request) { defer r.HTTPResponse.Body.Close() resp := &xmlErrorResponse{} err := xml.NewDecoder(r.HTTPResponse.Body).Decode(resp) if err != nil && err != io.EOF { r.Error = apierr.New("Unmarshal", "failed to decode query XML error response", err) } else { r.Error = apierr.NewRequestError( apierr.New(resp.Code, resp.Message, nil), r.HTTPResponse.StatusCode, resp.RequestID, ) } }
// SendHandler is a request handler to send service request using HTTP client. func SendHandler(r *Request) { var err error r.HTTPResponse, err = r.Service.Config.HTTPClient.Do(r.HTTPRequest) if err != nil { // Capture the case where url.Error is returned for error processing // response. e.g. 301 without location header comes back as string // error and r.HTTPResponse is nil. Other url redirect errors will // comeback in a similar method. if e, ok := err.(*url.Error); ok { if s := reStatusCode.FindStringSubmatch(e.Error()); s != nil { code, _ := strconv.ParseInt(s[1], 10, 64) r.HTTPResponse = &http.Response{ StatusCode: int(code), Status: http.StatusText(int(code)), Body: ioutil.NopCloser(bytes.NewReader([]byte{})), } return } } if r.HTTPRequest == nil { // Add a dummy request response object to ensure the HTTPResponse // value is consistent. r.HTTPResponse = &http.Response{ StatusCode: int(0), Status: http.StatusText(int(0)), Body: ioutil.NopCloser(bytes.NewReader([]byte{})), } } // Catch all other request errors. r.Error = apierr.New("RequestError", "send request failed", err) r.Retryable.Set(true) // network errors are retryable } }
// Retrieve retrieves credentials from the EC2 service. // Error will be returned if the request fails, or unable to extract // the desired credentials. func (m *EC2RoleProvider) Retrieve() (Value, error) { if m.Client == nil { m.Client = http.DefaultClient } if m.Endpoint == "" { m.Endpoint = metadataCredentialsEndpoint } credsList, err := requestCredList(m.Client, m.Endpoint) if err != nil { return Value{}, err } if len(credsList) == 0 { return Value{}, apierr.New("EmptyEC2RoleList", "empty EC2 Role list", nil) } credsName := credsList[0] roleCreds, err := requestCred(m.Client, m.Endpoint, credsName) if err != nil { return Value{}, err } m.expiresOn = roleCreds.Expiration if m.ExpiryWindow > 0 { // Offset based on expiry window if set. m.expiresOn = m.expiresOn.Add(-m.ExpiryWindow) } return Value{ AccessKeyID: roleCreds.AccessKeyID, SecretAccessKey: roleCreds.SecretAccessKey, SessionToken: roleCreds.Token, }, nil }
func buildQueryString(r *aws.Request, v reflect.Value, name string, query url.Values) { str, err := convertType(v) if err != nil { r.Error = apierr.New("Marshal", "failed to encode REST request", err) } else if str != nil { query.Set(name, *str) } }
func buildHeader(r *aws.Request, v reflect.Value, name string) { str, err := convertType(v) if err != nil { r.Error = apierr.New("Marshal", "failed to encode REST request", err) } else if str != nil { r.HTTPRequest.Header.Add(name, *str) } }
// requestCred requests the credentials for a specific credentials from the EC2 service. // // If the credentials cannot be found, or there is an error reading the response // and error will be returned. func requestCred(client *http.Client, endpoint, credsName string) (*ec2RoleCredRespBody, error) { resp, err := client.Get(endpoint + credsName) if err != nil { return nil, apierr.New("GetEC2RoleCredentials", fmt.Sprintf("failed to get %s EC2 Role credentials", credsName), err) } defer resp.Body.Close() respCreds := &ec2RoleCredRespBody{} if err := json.NewDecoder(resp.Body).Decode(respCreds); err != nil { return nil, apierr.New("DecodeEC2RoleCredentials", fmt.Sprintf("failed to decode %s EC2 Role credentials", credsName), err) } return respCreds, nil }
// requestCredList requests a list of credentials from the EC2 service. // If there are no credentials, or there is an error making or receiving the request func requestCredList(client *http.Client, endpoint string) ([]string, error) { resp, err := client.Get(endpoint) if err != nil { return nil, apierr.New("ListEC2Role", "failed to list EC2 Roles", err) } defer resp.Body.Close() credsList := []string{} s := bufio.NewScanner(resp.Body) for s.Scan() { credsList = append(credsList, s.Text()) } if err := s.Err(); err != nil { return nil, apierr.New("ReadEC2Role", "failed to read list of EC2 Roles", err) } return credsList, nil }
// internal logic for deciding whether to upload a single part or use a // multipart upload. func (u *uploader) upload() (*UploadOutput, error) { u.init() if u.opts.PartSize < MinUploadPartSize { msg := fmt.Sprintf("part size must be at least %d bytes", MinUploadPartSize) return nil, apierr.New("ConfigError", msg, nil) } // Do one read to determine if we have more than one part buf, err := u.nextReader() if err == io.EOF || err == io.ErrUnexpectedEOF { // single part return u.singlePart(buf) } else if err != nil { return nil, apierr.New("ReadRequestBody", "read upload data failed", err) } mu := multiuploader{uploader: u} return mu.upload(buf) }
func buildHeaderMap(r *aws.Request, v reflect.Value, prefix string) { for _, key := range v.MapKeys() { str, err := convertType(v.MapIndex(key)) if err != nil { r.Error = apierr.New("Marshal", "failed to encode REST request", err) } else if str != nil { r.HTTPRequest.Header.Add(prefix+key.String(), *str) } } }
// Unmarshal unmarshals a response for an AWS Query service. func Unmarshal(r *aws.Request) { defer r.HTTPResponse.Body.Close() if r.DataFilled() { decoder := xml.NewDecoder(r.HTTPResponse.Body) err := xmlutil.UnmarshalXML(r.Data, decoder, r.Operation.Name+"Result") if err != nil { r.Error = apierr.New("Unmarshal", "failed decoding Query response", err) return } } }
func buildURI(r *aws.Request, v reflect.Value, name string) { value, err := convertType(v) if err != nil { r.Error = apierr.New("Marshal", "failed to encode REST request", err) } else if value != nil { uri := r.HTTPRequest.URL.Path uri = strings.Replace(uri, "{"+name+"}", EscapePath(*value, true), -1) uri = strings.Replace(uri, "{"+name+"+}", EscapePath(*value, false), -1) r.HTTPRequest.URL.Path = uri } }
// ValidateParameters is a request handler to validate the input parameters. // Validating parameters only has meaning if done prior to the request being sent. func ValidateParameters(r *Request) { if r.ParamsFilled() { v := validator{errors: []string{}} v.validateAny(reflect.ValueOf(r.Params), "") if count := len(v.errors); count > 0 { format := "%d validation errors:\n- %s" msg := fmt.Sprintf(format, count, strings.Join(v.errors, "\n- ")) r.Error = apierr.New("InvalidParameter", msg, nil) } } }
func TestChainProviderGet(t *testing.T) { p := &ChainProvider{ Providers: []Provider{ &stubProvider{err: apierr.New("FirstError", "first provider error", nil)}, &stubProvider{err: apierr.New("SecondError", "second provider error", nil)}, &stubProvider{ creds: Value{ AccessKeyID: "AKID", SecretAccessKey: "SECRET", SessionToken: "", }, }, }, } creds, err := p.Retrieve() assert.Nil(t, err, "Expect no error") assert.Equal(t, "AKID", creds.AccessKeyID, "Expect access key ID to match") assert.Equal(t, "SECRET", creds.SecretAccessKey, "Expect secret access key to match") assert.Empty(t, creds.SessionToken, "Expect session token to be empty") }
func unmarshalBody(r *aws.Request, v reflect.Value) { if field, ok := v.Type().FieldByName("SDKShapeTraits"); ok { if payloadName := field.Tag.Get("payload"); payloadName != "" { pfield, _ := v.Type().FieldByName(payloadName) if ptag := pfield.Tag.Get("type"); ptag != "" && ptag != "structure" { payload := v.FieldByName(payloadName) if payload.IsValid() { switch payload.Interface().(type) { case []byte: b, err := ioutil.ReadAll(r.HTTPResponse.Body) if err != nil { r.Error = apierr.New("Unmarshal", "failed to decode REST response", err) } else { payload.Set(reflect.ValueOf(b)) } case *string: b, err := ioutil.ReadAll(r.HTTPResponse.Body) if err != nil { r.Error = apierr.New("Unmarshal", "failed to decode REST response", err) } else { str := string(b) payload.Set(reflect.ValueOf(&str)) } default: switch payload.Type().String() { case "io.ReadSeeker": payload.Set(reflect.ValueOf(aws.ReadSeekCloser(r.HTTPResponse.Body))) case "aws.ReadSeekCloser", "io.ReadCloser": payload.Set(reflect.ValueOf(r.HTTPResponse.Body)) default: r.Error = apierr.New("Unmarshal", "failed to decode REST response", fmt.Errorf("unknown payload type %s", payload.Type())) } } } } } } }
// contentMD5 computes and sets the HTTP Content-MD5 header for requests that // require it. func contentMD5(r *aws.Request) { h := md5.New() // hash the body. seek back to the first position after reading to reset // the body for transmission. copy errors may be assumed to be from the // body. _, err := io.Copy(h, r.Body) if err != nil { r.Error = apierr.New("ContentMD5", "failed to read body", err) return } _, err = r.Body.Seek(0, 0) if err != nil { r.Error = apierr.New("ContentMD5", "failed to seek body", err) return } // encode the md5 checksum in base64 and set the request header. sum := h.Sum(nil) sum64 := make([]byte, base64.StdEncoding.EncodedLen(len(sum))) base64.StdEncoding.Encode(sum64, sum) r.HTTPRequest.Header.Set("Content-MD5", string(sum64)) }
func unmarshalLocationElements(r *aws.Request, v reflect.Value) { for i := 0; i < v.NumField(); i++ { m, field := v.Field(i), v.Type().Field(i) if n := field.Name; n[0:1] == strings.ToLower(n[0:1]) { continue } if m.IsValid() { name := field.Tag.Get("locationName") if name == "" { name = field.Name } switch field.Tag.Get("location") { case "statusCode": unmarshalStatusCode(m, r.HTTPResponse.StatusCode) case "header": err := unmarshalHeader(m, r.HTTPResponse.Header.Get(name)) if err != nil { r.Error = apierr.New("Unmarshal", "failed to decode REST response", err) break } case "headers": prefix := field.Tag.Get("locationName") err := unmarshalHeaderMap(m, r.HTTPResponse.Header, prefix) if err != nil { r.Error = apierr.New("Unmarshal", "failed to decode REST response", err) break } } } if r.Error != nil { return } } }
func buildGetBucketLocation(r *aws.Request) { if r.DataFilled() { out := r.Data.(*GetBucketLocationOutput) b, err := ioutil.ReadAll(r.HTTPResponse.Body) if err != nil { r.Error = apierr.New("Unmarshal", "failed reading response body", err) return } match := reBucketLocation.FindSubmatch(b) if len(match) > 1 { loc := string(match[1]) out.LocationConstraint = &loc } } }
// Build builds a request for an AWS Query service. func Build(r *aws.Request) { body := url.Values{ "Action": {r.Operation.Name}, "Version": {r.Service.APIVersion}, } if err := queryutil.Parse(body, r.Params, false); err != nil { r.Error = apierr.New("Marshal", "failed encoding Query request", err) return } if r.ExpireTime == 0 { r.HTTPRequest.Method = "POST" r.HTTPRequest.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8") r.SetBufferBody([]byte(body.Encode())) } else { // This is a pre-signed request r.HTTPRequest.Method = "GET" r.HTTPRequest.URL.RawQuery = body.Encode() } }
func buildBody(r *aws.Request, v reflect.Value) { if field, ok := v.Type().FieldByName("SDKShapeTraits"); ok { if payloadName := field.Tag.Get("payload"); payloadName != "" { pfield, _ := v.Type().FieldByName(payloadName) if ptag := pfield.Tag.Get("type"); ptag != "" && ptag != "structure" { payload := reflect.Indirect(v.FieldByName(payloadName)) if payload.IsValid() && payload.Interface() != nil { switch reader := payload.Interface().(type) { case io.ReadSeeker: r.SetReaderBody(reader) case []byte: r.SetBufferBody(reader) case string: r.SetStringBody(reader) default: r.Error = apierr.New("Marshal", "failed to encode REST request", fmt.Errorf("unknown payload type %s", payload.Type())) } } } } } }
package credentials import ( "os" "github.com/convox/cli/Godeps/_workspace/src/github.com/aws/aws-sdk-go/internal/apierr" ) var ( // ErrAccessKeyIDNotFound is returned when the AWS Access Key ID can't be // found in the process's environment. ErrAccessKeyIDNotFound = apierr.New("EnvAccessKeyNotFound", "AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment", nil) // ErrSecretAccessKeyNotFound is returned when the AWS Secret Access Key // can't be found in the process's environment. ErrSecretAccessKeyNotFound = apierr.New("EnvSecretNotFound", "AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY not found in environment", nil) ) // A EnvProvider retrieves credentials from the environment variables of the // running process. Environment credentials never expire. // // Environment variables used: // - Access Key ID: AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY // - Secret Access Key: AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY type EnvProvider struct { retrieved bool } // NewEnvCredentials returns a pointer to a new Credentials object // wrapping the environment variable provider. func NewEnvCredentials() *Credentials { return NewCredentials(&EnvProvider{})
// upload will perform a multipart upload using the firstBuf buffer containing // the first chunk of data. func (u *multiuploader) upload(firstBuf io.ReadSeeker) (*UploadOutput, error) { params := &s3.CreateMultipartUploadInput{} awsutil.Copy(params, u.in) // Create the multipart resp, err := u.opts.S3.CreateMultipartUpload(params) if err != nil { return nil, err } u.uploadID = *resp.UploadID // Create the workers ch := make(chan chunk, u.opts.Concurrency) for i := 0; i < u.opts.Concurrency; i++ { u.wg.Add(1) go u.readChunk(ch) } // Send part 1 to the workers var num int64 = 1 ch <- chunk{buf: firstBuf, num: num} // Read and queue the rest of the parts for u.geterr() == nil { // This upload exceeded maximum number of supported parts, error now. if num > int64(MaxUploadParts) { msg := fmt.Sprintf("exceeded total allowed parts (%d). "+ "Adjust PartSize to fit in this limit", MaxUploadParts) u.seterr(apierr.New("TotalPartsExceeded", msg, nil)) break } num++ buf, err := u.nextReader() if err == io.EOF { break } ch <- chunk{buf: buf, num: num} if err != nil && err != io.ErrUnexpectedEOF { u.seterr(apierr.New("ReadRequestBody", "read multipart upload data failed", err)) break } } // Close the channel, wait for workers, and complete upload close(ch) u.wg.Wait() complete := u.complete() if err := u.geterr(); err != nil { var berr *apierr.BaseError switch t := err.(type) { case *apierr.BaseError: berr = t default: berr = apierr.New("MultipartUpload", "upload multipart failed", err) } return nil, &multiUploadError{ BaseError: berr, uploadID: u.uploadID, } } return &UploadOutput{ Location: *complete.Location, UploadID: u.uploadID, }, nil }
package s3 import ( "crypto/md5" "encoding/base64" "github.com/convox/cli/Godeps/_workspace/src/github.com/aws/aws-sdk-go/aws" "github.com/convox/cli/Godeps/_workspace/src/github.com/aws/aws-sdk-go/aws/awsutil" "github.com/convox/cli/Godeps/_workspace/src/github.com/aws/aws-sdk-go/internal/apierr" ) var errSSERequiresSSL = apierr.New("ConfigError", "cannot send SSE keys over HTTP.", nil) func validateSSERequiresSSL(r *aws.Request) { if r.HTTPRequest.URL.Scheme != "https" { p := awsutil.ValuesAtPath(r.Params, "SSECustomerKey||CopySourceSSECustomerKey") if len(p) > 0 { r.Error = errSSERequiresSSL } } } func computeSSEKeys(r *aws.Request) { headers := []string{ "x-amz-server-side-encryption-customer-key", "x-amz-copy-source-server-side-encryption-customer-key", } for _, h := range headers { md5h := h + "-md5" if key := r.HTTPRequest.Header.Get(h); key != "" {
package credentials import ( "github.com/convox/cli/Godeps/_workspace/src/github.com/aws/aws-sdk-go/internal/apierr" ) var ( // ErrStaticCredentialsEmpty is emitted when static credentials are empty. ErrStaticCredentialsEmpty = apierr.New("EmptyStaticCreds", "static credentials are empty", nil) ) // A StaticProvider is a set of credentials which are set pragmatically, // and will never expire. type StaticProvider struct { Value } // NewStaticCredentials returns a pointer to a new Credentials object // wrapping a static credentials value provider. func NewStaticCredentials(id, secret, token string) *Credentials { return NewCredentials(&StaticProvider{Value: Value{ AccessKeyID: id, SecretAccessKey: secret, SessionToken: token, }}) } // Retrieve returns the credentials or error if the credentials are invalid. func (s *StaticProvider) Retrieve() (Value, error) { if s.AccessKeyID == "" || s.SecretAccessKey == "" { return Value{}, ErrStaticCredentialsEmpty
if err, ok := r.Error.(awserr.Error); ok { if isCodeExpiredCreds(err.Code()) { r.Config.Credentials.Expire() } } } r.RetryCount++ r.Error = nil } } var ( // ErrMissingRegion is an error that is returned if region configuration is // not found. ErrMissingRegion error = apierr.New("MissingRegion", "could not find region configuration", nil) // ErrMissingEndpoint is an error that is returned if an endpoint cannot be // resolved for a service. ErrMissingEndpoint error = apierr.New("MissingEndpoint", "'Endpoint' configuration is required for this service", nil) ) // ValidateEndpointHandler is a request handler to validate a request had the // appropriate Region and Endpoint set. Will set r.Error if the endpoint or // region is not valid. func ValidateEndpointHandler(r *Request) { if r.Service.SigningRegion == "" && r.Service.Config.Region == "" { r.Error = ErrMissingRegion } else if r.Service.Endpoint == "" { r.Error = ErrMissingEndpoint }
// ValidateResponseHandler is a request handler to validate service response. func ValidateResponseHandler(r *Request) { if r.HTTPResponse.StatusCode == 0 || r.HTTPResponse.StatusCode >= 300 { // this may be replaced by an UnmarshalError handler r.Error = apierr.New("UnknownError", "unknown error", nil) } }
func TestCredentialsGetWithError(t *testing.T) { c := NewCredentials(&stubProvider{err: apierr.New("provider error", "", nil), expired: true}) _, err := c.Get() assert.Equal(t, "provider error", err.(awserr.Error).Code(), "Expected provider error") }